Last modified: 2014-01-03 13:48:05 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T56718, the corresponding Phabricator task for complete and up-to-date bug report information.
First Last Prev Next    This bug is not in your last search results.
Bug 54718 - install.php seems to allow setting an invalid password
install.php seems to allow setting an invalid password
Status: UNCONFIRMED
Product: MediaWiki
Classification: Unclassified
Installer (Other open bugs)
1.22.0
All All
: Normal normal (vote)
: ---
Assigned To: Nobody - You can work on this!
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2013-09-27 18:31 UTC by Niklas Laxström
Modified: 2014-01-03 13:48 UTC (History)
2 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Niklas Laxström 2013-09-27 18:31:15 UTC 
I used install.php with --pass to set a short temporary password. After installation I could not log in, maybe because it was too short and thus invalid.
Comment 1 Nemo 2013-09-27 18:53:51 UTC 
[[mw:Manual:$wgMinimalPasswordLength]] is supposed to be 1.
Comment 2 Vishnu Nk 2014-01-02 13:54:19 UTC 
I would like to work on this.Can you please assign this bug to me.
Comment 3 Vishnu Nk 2014-01-02 14:00:46 UTC 
I cant find a line like that mentioned above in the file install.php
Comment 4 Vishnu Nk 2014-01-02 14:08:15 UTC 
Does Changing as per the instructions in User.php file can fix this bug?
Comment 5 Andre Klapper 2014-01-02 20:33:18 UTC 
Vishnu Nk: It could be helpful if you mentioned if you have successfully reproduced the problem, and to describe how a fix would look like.
Comment 6 Vishnu Nk 2014-01-03 13:35:02 UTC 
Sir as per mentioned above "$wgMinimalPasswordLength" was only found in the User.php file in the includes directory.
and there is a case at line number 4688 where the it has been assigned to 0.Is that the problem mentioned?
Comment 7 Andre Klapper 2014-01-03 13:44:49 UTC 
(In reply to comment #6)
> line number 4688 where the it has been assigned to

It's line 4689 in git master: https://git.wikimedia.org/blob/mediawiki%2Fcore.git/HEAD/includes%2FUser.php#L4688

> 0.Is

I read this as "0.Is" initially - please avoid [[Klempen]].

> Is that the problem mentioned?

Not sure if I understand your question, but I guess you want to use "git log" (or "blame") to investigate why == 0 was set and investigate yourself if this has something to do with this problem and test yourself a bit. :)
Comment 8 Krinkle 2014-01-03 13:48:05 UTC 
It is set to 1 by default. This applied by default (so afaik it should be affecting the installer as well).


includes/DefaultSettings.php
3949: $wgMinimalPasswordLength = 1;

includes/specials/SpecialUserlogin.php
336:	$wgMinimalPasswordLength, $wgEmailConfirmToEdit;
425:	$valid = array( $valid, $wgMinimalPasswordLength );

includes/User.php
704:	global $wgMinimalPasswordLength, ..;
718:	if ( strlen( $password ) < $wgMinimalPasswordLength ) {
853:	$length = max( 10, $wgMinimalPasswordLength );
...




It doesn't seem to be overridden or assigned anywhere else.

What exactly is the problem? I can't find any reason why the $user->setPassword call in Installer.php would be any different from others. It triggers the same validation, same settings, and throws the same exception in case of a too short or otherwise invalid value.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.

Navigation
Links